US EditionHow Your Private ChatGPT And Gemini Chats Are ‘Sold For Profit’
Urban VPN Proxy and related extensions collected AI chatbot data from over 8 million users since July 2025 for ad analytics, exploiting a Chrome Web Store policy loophole.
- Monday, Koi Security disclosed that Urban VPN Proxy began harvesting AI chatbot prompts and responses after version 5.5.0, sharing data with BiScience and affecting over 8 million users.
- A loophole in the Chrome Web Store Limited Use policy appears to let some extensions transfer data, with researchers saying extensions claim exceptions to justify sharing user data, Palant wrote.
- The extension injects a platform-specific 'executor' script, overriding fetch and XMLHttpRequest, to intercept chats on platforms like ChatGPT, Claude, Gemini, Copilot, and Perplexity, said Dardikman.
- If you have any of these extensions installed, uninstall them now, Idan Dardikman concluded, and researchers said uninstalling is the only way to stop the collection; Google did not immediately respond, despite Urban VPN Proxy receiving a Chrome Web Store Featured Badge.
- Ad blockers and VPNs meant to protect privacy were found to be harvesting conversations, and users who installed the extension before the update missed the consent prompt added in version 5.5.0.
11 Articles
11 Articles
A study conducted by researchers at the Koi cybersecurity company on privacy-related extensions has found that some are collecting and selling complete user conversations on major AI platforms. These malicious extensions, available for Google Chrome, Microsoft Edge and other Chromium-based browsers, can detect and capture conversations from ten AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok and Met…
The Urban VPN Proxy extension, recommended by Google and used by more than 8 million people, has secretly collected and resold all conversations with AIs like ChatGPT, Claude or Gemini. The collection was carried out continuously, even VPN out, via a script that was executed in the background. A massive betrayal of trust revealed by cybersecurity researchers.
VPN browser extensions advertised as privacy tools have proven to pose a serious threat to AI users. Security researchers have revealed that millions of people may have unknowingly shared their conversations with ChatGPT and Gemini. The case involves popular add-ons for Chrome and Edge browsers, including one officially recommended by Google. The scale of the leak is massive, encompassing full conversation content, metadata, and technical sessio…
Coverage Details
Bias Distribution
- 75% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
